29 February 2000: Add comments. Link to NSA report to Congress on legal standards for electronic surveillance.

26 February 2000

The NSA Bot Now Spying?

The famous NSA bot appears to have abandoned its nearly 4-year mission to download most everything put on Cryptome. The daily siphon stopped in mid-December 1999, and hasn't restarted. Nearly all other visitors from the ncsc.mil domain have stopping coming as well.

We initially thought that this might be due to the US military hunkering down for Y2K-related attacks or breakdowns, with Web surfing temporarily suspended.

Now, though, either it's been authoritatively decided that this site is worthless, is diseased by forbidden materials, is a FISA target, or, more probably, that our ncsc.mil friends are now surfing covertly. Perhaps using benign addresses at AOL, IBM, PSI, and so on, as many of us have learned to do to hide from prying site operators siphoning visitor data for obscene purposes -- say, puerile commercial banditry, or vile political agenda.

We see a fair number of .mil and .gov visitors, and welcome them all to get away from pointless duties at overly-surveilled base and office. Look at us here trying the same.

A few try to cloak their addresses with use of anonymizers, a smart practice we believe, but the seem not have learned to properly configure the service to conceal their true addresses which show up in the logs baldly displayed.

Spying At Home?

None of this is news to site operators who study their logs with demented obession, like us, but we question the practice of .mil and .gov visitors covertly surfing on official duty, as it appears they do from what we see here. Seen any fbi.gov visitors to your site lately? No, the Bureau uses IBM or PSI or such to covertly surf. We regret that NSA may now have sunk to doing the same.

For covert surfing by military and government officials, is, to Cryptome, spying.

Covert military and government spying, by any country, is a no-no, and we'd feel a lot less threatened if mil/gov visitors used machines with true addresses when they come here on official work. Just skip covert, thank you very much, that kind of craven activity has really caused the world trouble, especially when done at home.

Coming here to escape duty and the rat race, why, then use any cloaking address you like. We think anonymous killing time is a great contribution to civilized life.

But one of the greatest threats to civilization are covert military and government snooping on citizens of any country, but especially their home country. We urge the use of honestly identifiable machines to earn trust. We admire officials who immediately identify themselves when calling, and fear those who don't; same goes for their cyber weaponry: show that those machines are being deployed by trustworthies -- ID the agency. Most do from around the world, except those with something to hide.

Come on back, ncsc.mil, openly: don't spy on Americans, that's illegal, we're told, and told, and told, and find hard to believe when looking at contrary evidence.

Overt DNS
(Once) National Computer Security Center, Ft. Meade, MD (ncsc.mil)
MISSI Program (missi.ncsc.mil)
U.S. Department of Justice (usdoj.gov)                  
Central Intelligence Agency (ucia.gov)
Executive Office of the President (eop.gov)
Office of the Secretary of Defense (osd.mil)
US Army (army.mil)
US Navy (navy.mil)
US Marine Corps (usmc.mil)
Defense Threat Reduction Agency (dtra.mil)
Government of Israel (gov.il)
Government of Kuwait (gov.kw)
Government of Libya (gov.ly)
Government of Mexico (gov.mx)
Government of South Africa (gov.za)
Government of Singapore (gov.sg)
Government of United Kinddom (gov.uk)

Covert DNS
National Computer Security Center, Ft. Meade, MD                 Unknown
Federal Bureau of Investigation - (at DoJ)             
Federal Bureau of Investigation - (NET-FBI) FBI        
Federal Bureau of Investigation - CJIS (NET-ITN) ITN      
Federal Bureau of Investigation - FBI Academy (NET-NCAVC) NCAVC
Federal Bureau of Investigation - FBI Laboratory (NET-CHEMTOX) CHEMTOX
Federal Bureau of Investigation - (FBI-DOM) Information Resources Division
Bureau of Export Administration (bxa.doc.gov - failed anonymizer)

Comments to: bot@cryptome.org (Tell if anonymity wanted.)


Date: Sat, 26 Feb 2000 23:59:34 -0600
From: axion <root@david15.dallas.nationwide.net>
To: nsabot@cryptome.org
Subject: nsabot

As far as the nsa or whomever goes, it's more important to make certain that they not be able to profit from "zealous browsing", than to try and find a way to prevent them from accessing otherwise publicly accessible information. If the yoyos in the government didn't peruse the internet to do whatever it is they do with those heinous cads and bounders that depart from the party line, some zealot on a mission that doesn't work for the state, would be compelled to report all of the information he/she is considers "improper" (whatever that is). If they can derive no benefit from such activity (as in legal benefit for reasons of preparing a case), then it's not worth their time to look for things or pay attention to misguided zealot informers. As long as the government can legally benefit from such activities, no regulations or oversight will prevent them from doing so. In fact, because of secrecy, no one even knows what these people are authorised to do anyway. The only solution is to dust off the 4th, 5th and 6th amenmendts to try and save what's left of the rapidly vanishing 1st. Personally, I'd solve the problem via amendment that takes the ability away from the governement to maintain any secret information of any sort for any reason and eliminate the plea bargaining used to obtain leverage against defendants but that isn't very likely to happen. A government that cannot profit through ill-gotten gains will have no incentive to look for any opportunities. You'll notice that the first 10 amendments are ALL restrictions imposed upon the government, while the majority of recent amendments are limitations by the government upon the first 10. If the government is interested in your site, they'll stay interested whether they make themselves obvious or not. At least before, they were obvious. Now, maybe you're a tree in a semantic forest.



Date: Sun, 27 Feb 2000 13:38:19 -0500
To: bot@cryptome.org
From: "Betty G. O'Hearn" <betty@infowar.com>
Subject: Thanks

Mr. Young:

You are amazing and wonderful.

Thanks so much for having balls.

Betty O'Hearn

Date: Tue, 29 Feb 2000 20:45:00 -0500
From: Peter <peter@hereintown.net>
To: bot@cryptome.org
Subject: .gov


i think it would be much easier you create a mailinglist only for .gov and .mil so that they recieve e-mails every time you change somethings on your page. That would make two things easier: 1. less traffic for you and your server , 2. .gov and .mil don't need the money for there bot anymore and still have the latest news....i think that's a good idea....yes!


Date: Tue, 29 Feb 2000 21:31:14 -0500
From: Andre Robatino <andre@bwh.harvard.edu>
To: bot@cryptome.org
Subject: The NSA Bot Now Spying?

  Now you've gone too far.  Referring to anonymous access of publicly available information as "spying" is a rather expansive definition, to put it mildly.  It's just so plainly absurd that you're making it easy for the intelligence agencies to use it as a straw man.  The real problem is when they directly or indirectly use force to invade privacy.  Accessing public info doesn't qualify.  (And yes, I intend this to include when people do business online without first getting a promise from the company not to use the data.  That's not an invasion either.)